General
-
Target
bc9964b04c2c38eb8fab28aae525071e.exe
-
Size
106KB
-
Sample
220421-ahn4eachb7
-
MD5
bc9964b04c2c38eb8fab28aae525071e
-
SHA1
62599cf43426898880b02997370780db75a157bf
-
SHA256
deceeec4d99e6b4b70de57d6ee732b1f70e6cbb9ea27d0bb7304fd51b1ca0b2d
-
SHA512
388c8136ee8e78c31266ac7b56ea177573fae7f6935fc6fce399fa724b68b57fb094fc6f0ef6d84e1b92566b48693108cfb7c18b4917c63f1086c5441c19a46f
Behavioral task
behavioral1
Sample
bc9964b04c2c38eb8fab28aae525071e.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
7
49.12.222.31:8854
-
auth_value
811329e6a45eab1a6b331f7b5c15ef6d
Targets
-
-
Target
bc9964b04c2c38eb8fab28aae525071e.exe
-
Size
106KB
-
MD5
bc9964b04c2c38eb8fab28aae525071e
-
SHA1
62599cf43426898880b02997370780db75a157bf
-
SHA256
deceeec4d99e6b4b70de57d6ee732b1f70e6cbb9ea27d0bb7304fd51b1ca0b2d
-
SHA512
388c8136ee8e78c31266ac7b56ea177573fae7f6935fc6fce399fa724b68b57fb094fc6f0ef6d84e1b92566b48693108cfb7c18b4917c63f1086c5441c19a46f
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-